The proposed PROTECT IP law won't protect anything and, duh, will hurt Internet security, too
Comedian Bill Maher has this shtick he calls "New Rules". In New Rules, he makes up a rule he thinks it'd be smart for us to abide by. For example, he says, "New rule: Canadian bacon isn't bacon. It's ham."
In that spirit, I've got one. New rule: whenever the RIAA or the MPAA back some sort of legislation, it's bad for America and it's bad for the Internet.
Why? Because lawmakers are being stupid again and, as has often been the case, the stupidity is being egged on by the MPAA (Motion Picture Association of America).
American lawmakers are trying to pass a bill called PROTECT IP, which -- despite what you might think -- is not trying to protect Internet protocols, but instead is trying to protect intellectual property.
Of course, as you might imagine, if passed this law will do neither.
You may think I pick on Republican congress-o-critter Darrell Issa a lot, and you may be right. He's often doing or saying something kinda dumb. But, although it's been a while, I also pick on Democratic Sleestak Senator Patrick Leahy, also often for doing something I consider particularly ill-advised.
See? I'm an equal opportunity party-knocker.
As it turns out, Leahy is backing the PROTECT IP (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011) Act. While we all want our intellectual property protected (there's a whole raft of foreign Web sites that seem to like to republish my stuff, for example), the way PROTECT IP is going about it is, well, just about what you'd expect to come out of Washington politicians fed MPAA and RIAA propaganda.
In other words, it's stupid.
A key principle of PROTECT IP is that if a Web site is determined to be primarily a purveyor of pirated media, the Justice Department can order various Internet service providers in the DNS chain to re-route DNS requests away from that site, presumably to point to a DOJ-provided site that displays the digital equivalent of a scarlet letter (in other words, says the site's been bad and is now offline).
On the surface, this might seem like a good strategy to stop bad people. But the Internet runs on the DNS system and, while the details are often hidden from the view of the average consumer, changes to the DNS system could radically damage Internet reliability and security.
In particular, according to an interview by Afterdawn's Rich Fiscus with Paul Vixie, the primary author of BIND (which just so happens to be the most widely used domain name server on the Internet).
According to Vixie, PROTECT IP gets in the way of a new DNS security protocol called DNSSEC. The idea with DNSSEC is that each DNS provides an encrypted "signature", allowing your computer to know that, in fact, the IP address returned for the domain name you're requesting is legitimate.
DNSSEC also allows domain name servers to route around failed requests. Routing around failure is, of course, at the core of what makes the Internet the Internet. However, Vixie claims the proposed law does not permit routing around failed DNSSEC requests (basically, because the bill wants to force the DOJ-provided spoofed IP address to be the only ones available to American computers).
Therefore, claims Vixie, if you can't route around failures and you can't determine what's a valid IP and what's a DOJ-spoofed IP, you can't tell what's real and what's not.
This, of course, leads to two problems. First, an important anti-phishing security resource developed by the Internet technical community would be rendered essentially illegal, and, second, it won't work, anyway.
It's ridiculously simple to choose a different DNS, say one operating in Europe, and use that DNS's resolution to get to the IP address of the DOJ-bypassed Web site.
In other words, the proposed law is stupid and won't work and will break good security procedures that consumers need.
Gotta love them lobbyists. Combine lobbyists with technically-weak politicians and you have a recipe for foolishness.